tell the team that is running the IPS to change their policy from DROP
to something else, so you are not a captive audience to the timeout.
By sending a RST, they can cause Squid to close the connection and
fail faster. if they are intercepting the DNS request, have them
leverage an RPZ and send a
list members,
i am running squid 6.5 on fedora 38, and have found this issue when
running "cache sharing" (or cache_peer siblings) between my 3 squid
instances. a couple weeks ago, this was happening and an update seems
to have fixed the majority of issues. when i ran into the issue, i
coul
On 11/3/23 8:27 AM, Amos Jeffries wrote:
On 3/11/23 08:14, jose.rodriguez wrote:
On 2023-11-02 13:46, Brendan Kearney wrote:
list members,
i am trying to log to a mariadb database, and cannot get the
log_db_daemon script working. i think i have everything setup, but
an error is being
On 11/2/23 2:51 PM, Brendan Kearney wrote:
On 11/2/23 2:49 PM, Francesco Chemolli wrote:
Hi Robert,
are you sure that you have the required packages on your system?
You'll need perl-DBD-MariaDB and what it depends on
On Thu, Nov 2, 2023 at 6:41 PM Brendan Kearney wrote:
On 11/2
On 11/2/23 2:49 PM, Francesco Chemolli wrote:
Hi Robert,
are you sure that you have the required packages on your system?
You'll need perl-DBD-MariaDB and what it depends on
On Thu, Nov 2, 2023 at 6:41 PM Brendan Kearney wrote:
On 11/2/23 2:14 PM, Robert 'Bobby&#
On 11/2/23 2:14 PM, Robert 'Bobby' Zenz wrote:
Use of uninitialized value $DBI::errstr in concatenation (.) or
string at /usr/lib64/squid/log_db_daemon line 403.
You're trying to use an uninitialized variable when outputting(?) the
error message. Fix that first. I'm guessing you're using the `er
list members,
i am trying to log to a mariadb database, and cannot get the
log_db_daemon script working. i think i have everything setup, but an
error is being thrown when i try to run the script manually.
/usr/lib64/squid/log_db_daemon /database:3306/squid/access_log/brendan/pass
Connectin
list members,
i have a couple squid instances that are performing bump/peek/splice and
generating dynamic certs. i want to share the certs that are generated
by the individual instances across the rest of them, via NFS or some
shared mechanism. so, if squid1 creates a certs i want squid2, sq
.2,server2.bpk2.com,-,28/Jul/2023:13:01:02
-0400,192.168.88.2,3128,-,"squid",GET,"HTTP/1.0","http://proxy2.bpk2.com:3128/squid-internal-mgr/","cachemgr.cgi/6.1",404,372,-,"TCP_MISS/HIER_NONE","text/html";
Jul 28 12:59:15 server2 (squid-1)[22
, is needed what is that?
thanks,
brendan
On 7/29/23 12:22 PM, Alex Rousskov wrote:
On 7/29/23 11:07, Brendan Kearney wrote:
the package installed does not have any file named MGR_INDEX. running
"rpm -ql squid |grep -i index" does not return anything. searching in
/usr/share/squ
that helps.
thank you,
brendan
On 7/29/23 1:26 AM, Amos Jeffries wrote:
On 29/07/23 14:42, Alex Rousskov wrote:
On 7/28/23 20:08, Brendan Kearney wrote:
i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi
working on this box. I am getting the error:
Internal Error: Missin
list members,
i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi
working on this box. I am getting the error:
Internal Error: Missing Template MGR_INDEX
when i try to connect using the cache manager interface. oddly, when i
connect from a different host running squid, usi
You need an ICAP server intelligent enough to differentiate between the
file types. Squid is a proxy and can only deal with the protocol. An ICAP
server can deal with the content. C-icap and ecap are a couple options
that seem to be available. I havr no experience with either.
On Jun 27, 2017
(simple) instructions to have Kerberous
auth supported ftom Mac/iPhone/iPad and Linux (Ubuntu/CentOS) it would be
beneficial to all.
Best regards,
Rafael Akchurin
Op 9 mrt. 2017 om 19:47 heeft Brendan Kearney het volgende
geschreven:
On 03/09/2017 01:17 PM, Rafael Akchurin wrote:
The thing is
On 02/08/2017 09:54 PM, Kottur, Abhijit wrote:
Hi Team,
I am writing this email to understand the capabilities of the product
‘squid-cache’.
Requirement:
I have an executable(.exe) which is trying to hit an internet website.
This executable has the capability to accept proxy IP and port.
On 12/15/2016 04:20 PM, Yuri Voinov wrote:
15.12.2016 20:29, Bryan Peters пишет:
My Google-fu seems to be coming up short.
We have an application that ties into our users SSO/LDAP servers.
We, don't run an LDAP server of our own, we're just making outbound
calls to their LDAP servers.
I
On 09/23/2016 10:28 AM, lravelo wrote:
Good morning!
I have four squid 3.3.8 proxies load balanced behind two VIPs (in groups of
two) using least connections load balancing. I've been having issues with
the .amazonaws.com and .cloudfront.com domains. We use TCP load balancing
and not HTTP load
You want Kerberos and/or NTLM authentication for Single Sign On. These
authentication methods automatically provide credentials when browser are
configured and the necessary network services are running.
On Aug 17, 2016 6:30 PM, "erdosain9" wrote:
> lol
> no, for all the ACL.
> vip and control.
At what point does buffer bloat set in? I have a linux router with the
below sysctl tweaks load balancing with haproxy to 2 squid instances. I
have 4 x 1Gb interfaces bonded and have bumped the ring buffers on RX and
TX to 1024 on all interfaces.
The squid servers run with almost the same hardwa
On 07/20/2016 08:24 PM, brendan kearney wrote:
Developer tools is not browser specific. Both IE and Firefox have
it. Not sure about Chrome.
Yes telerik fiddler is what I meant. There is a free version I use.
I have not come across an open source equivalent.
On Jul 20, 2016 8:12 PM
ly 2016 at 01:07:51, brendan kearney wrote:
>
> > I would use developer tools (press f12 in your browser)
>
> That sounds quite browser-specific - thanks for mentioning previously that
> you're using Firefox.
>
> > or maybe run fiddler to dig into the details.
>
&g
I would use developer tools (press f12 in your browser) or maybe run
fiddler to dig into the details.
On Jul 20, 2016 6:59 PM, "brendan kearney" wrote:
> Firefox on android :)
>
> On Jul 20, 2016 6:34 PM, "Antony Stone"
> wrote:
>
>> On Thursday 21 Jul
Firefox on android :)
On Jul 20, 2016 6:34 PM, "Antony Stone"
wrote:
> On Thursday 21 July 2016 at 00:25:38, brendan kearney wrote:
>
> > An error occurred during a connection to e-vista.scsolutionsinc.com. SSL
> > received a weak ephemeral Diffie-Hellma
An error occurred during a connection to e-vista.scsolutionsinc.com. SSL
received a weak ephemeral Diffie-Hellman key in Server Key Exchange
handshake message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
On Jul 20, 2016 5:49 PM, "Antony Stone"
wrote:
On Wednesday 20 July 2016 at 23:38:03,
Nscd or name server caching daemon may be of help. I believe you can run
your own bind instqnce and point it at the roots, instead of using your
isp's broken implementation
On Jun 30, 2016 2:21 PM, "Chris Horry" wrote:
>
>
> On 06/30/2016 13:34, Alex Crow wrote:
> > I'd suggest changing IP as th
On 04/16/2016 09:39 AM, asad wrote:
Hello,
I'm in the process of helping a friend who works in a bank whose
management have decided to move from Squid infra to bluecoat PorxySG
solution.
I want to know what are the pitfalls that must be imagined from
project management as on technical end.
On 04/03/2016 08:06 PM, Amos Jeffries wrote:
On 4/04/2016 4:22 a.m., Brendan Kearney wrote:
with fedora 24 being released in a couple months, haproxy v1.6.x will be
available, and the ability to easily intercept HTTP traffic will be in
the version (see the set-uri directive). with v1.6 i will
with fedora 24 being released in a couple months, haproxy v1.6.x will be
available, and the ability to easily intercept HTTP traffic will be in
the version (see the set-uri directive). with v1.6 i will be able to
rewrite the URL, so that squid can process the request properly. my
problem is t
On 03/09/2016 06:18 AM, Amos Jeffries wrote:
On 9/03/2016 4:59 a.m., Brendan Kearney wrote:
i have a roku4 device and it constantly has issues causing it to
buffer. i want to try intercepting the traffic to see if i can smooth
out the rough spots.
Squid is unlikely to help with this issue
i have a roku4 device and it constantly has issues causing it to
buffer. i want to try intercepting the traffic to see if i can smooth
out the rough spots. i can install squid on the router device i have
and intercept the port 80/443 traffic, but i want to push the traffic to
my load balanced
On 11/24/2015 10:08 AM, Verónica Ovando wrote:
My Squid Version: Squid 3.4.8
OS Version: Debian 8
I have installed Squid on a server using Debian 8 and seem to have the
basics operating, at least when I start the squid service, I have am
no longer getting any error messages. At this time,
On 11/18/2015 10:42 PM, Amos Jeffries wrote:
On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
I am trying to set up a transparent, intercepting squid instance, along
side my existing explicit instance, and would like some input around
what i have buggered up so far.
i am running HAProxy in
So does that mean I can run the DNAT on the firewall/router/load balancer
device and remove the intercept line from my configs, and expect things to
work?
On Nov 18, 2015 10:43 PM, "Amos Jeffries" wrote:
> On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
> > I am trying to s
I am trying to set up a transparent, intercepting squid instance, along
side my existing explicit instance, and would like some input around
what i have buggered up so far.
i am running HAProxy in front of two squid instances, with the XFF
header added by HAProxy. My squid configs are all set
I am interested in this topic. Would love to hear about your progress.
The os that squid runs on must participate in a dynamic routing protocol
such as ospf and needs to advertise a route to the multicast ip via itself.
Generally this is done by adding a virtual interface to the loopback and
giv
On 10/20/2015 02:26 PM, sebastien.boulia...@cpu.ca wrote:
Hi,
I would like to monitor Squid with Centreon using SNMP.
I configured Squid using http://wiki.squid-cache.org/Features/Snmp
## SNMP Configuration
acl snmpcpu snmp_community cpuread
snmp_port 3401
snmp_access allow snmpcpu localne
On 07/31/2015 08:34 AM, Dan Purgert wrote:
Quoting Eliezer Croitoru :
I managed to make it work!
I am using ubuntu 14.04.2 with openLDAP and phpldapadmin.
I have changed my server to look like yours and it still didn't work.
So what I did was this: I changed the command to:
/usr/lib/squid3/ext_
Not near my gear and notes, but will get you what I have later.
On Jul 31, 2015 10:31 AM, "Eliezer Croitoru" wrote:
> On 31/07/2015 15:37, brendan kearney wrote:
>
>> Pretty sure memberOf is an overlay you have to enable in openldap
>>
>
> I have tried to use
Pretty sure memberOf is an overlay you have to enable in openldap
On Jul 31, 2015 8:34 AM, "Dan Purgert" wrote:
Quoting Eliezer Croitoru :
I managed to make it work!
> I am using ubuntu 14.04.2 with openLDAP and phpldapadmin.
> I have changed my server to look like yours and it still didn't work
Look into the pacparser project on github. It allows you to evaluate a pac
file and test the logic.
Hi All,
I have 2 issues
First one: How can i bypass proxy for an IP in LAN.
Second one:
I am running squid on openwrt and i want to allow some websites to bypass
proxy and want to allow them go
On 06/08/2015 06:46 PM, Amos Jeffries wrote:
On 8/06/2015 11:02 p.m., Antony Stone wrote:
On Monday 08 June 2015 at 12:53:00 (EU time), Robert Lasota wrote:
the problem is it still writes logs to files /var/log/access.log or
/opt/var/log/access.log (depends what I set in conf) but never to rsy
On 06/08/2015 04:23 PM, Rafael Akchurin wrote:
Hello all,
What is the recommended approach to perform load balancing and high
availability between N squid servers?
I have the following list of requirements to fullfil:
1) Manage N squid servers that share cache (as far as i understand is done
i have 2 squid instances behind HAProxy, balanced using leastconn. each
proxy server has a NFS mount under /etc/squid/acls/ where external acls
are kept. because the NFS mount is common to both instances, i only
need to make an update in one place and both proxies will get the
update. when i
Note the lack of a user-agent string. This is likely an app that cannot
authenticate.
My standard for Auth Bypass is source IP, user-agent string and destination
URL. Generally the source is preferred to be statically assigned otherwise
you need to allow the entire dhcp pool or range. Because t
On Thu, 2015-03-26 at 13:53 +1300, Amos Jeffries wrote:
> On 26/03/2015 10:26 a.m., Brendan Kearney wrote:
> > On Wed, 2015-03-25 at 15:03 +1300, Amos Jeffries wrote:
> >> On 25/03/2015 9:55 a.m., brendan kearney wrote:
> >>> Was not sure if bugzilla was used for mail
On Wed, 2015-03-25 at 15:03 +1300, Amos Jeffries wrote:
> On 25/03/2015 9:55 a.m., brendan kearney wrote:
> > Was not sure if bugzilla was used for mailing list issues. If you would
> > like me to open one, I will but it looks like the list is working again.
>
> Bugzilla is
Was not sure if bugzilla was used for mailing list issues. If you would
like me to open one, I will but it looks like the list is working again.
On Mar 24, 2015 2:25 PM, "Brendan Kearney" wrote:
> On Tue, 2015-03-24 at 10:18 -0400, Brendan Kearney wrote:
> > while load
On Tue, 2015-03-24 at 10:18 -0400, Brendan Kearney wrote:
> while load balancing is not a requirement in a proxy environment, it
> does afford a great deal of functionality, scaling and fault tolerance
> in one. several if not many on this list probably employ them for their
> proxie
e.
>
> On Thu, Mar 19, 2015 at 7:27 PM, Brendan Kearney
> wrote:
> On Thu, 2015-03-19 at 19:01 -0600, Samuel Anderson wrote:
> > Hello All,
> >
> >
> > I have 2 squid servers that authenticate correctly when you
>
On Thu, 2015-03-19 at 19:01 -0600, Samuel Anderson wrote:
> Hello All,
>
>
> I have 2 squid servers that authenticate correctly when you point your
> browser to either of them. I'm using a negotiate_wrapper. I set it up
> following this
> (http://wiki.squid-cache.org/ConfigExamples/Authenticate/W
On Tue, 2015-03-17 at 16:13 -0300, Marcus Kool wrote:
> it has a configuration option to respond with
> 'allow all' during a reconfiguration.
a Fail-Open policy can be a security gap, and should be considered
carefully before implementing. the intention of the whitelisted URLs is
to prevent acces
at this moment sends
> "here I am" messages to WCCP-enabled router, which will redirect
> traffic on alive cache. The same time you can reconfigure second squid
> instance a visa versa.
>
> 18.03.15 0:00, Brendan Kearney пишет:
> > On Tue, 2015-03-17 at 11:59 -0600, S
On Tue, 2015-03-17 at 11:59 -0600, Samuel Anderson wrote:
> Unfortunately thats not really an option for me. I've already built
> everything just using squid. It works great and does everything I need
> it to do with the exception of refreshing the ACL lists. I just need
> to find a way to refresh
On Tue, 2015-02-24 at 15:04 +0100, Peter Oruba wrote:
> Hello everybody,
>
>
> I’d like to distinguish multiple clients that are behind NAT from
> Squid’s perspective. Proxy authentication or sessions are not an
> option for different reasons and the idea that came up was to assign
> each client
On Wed, 2015-01-21 at 02:10 +1300, Amos Jeffries wrote:
> On 21/01/2015 1:38 a.m., Simon Staeheli wrote:
> >> Whatever floats your boat. The point of the Addon/Plugin/helpers
> >> API is that you can use scripts if thy serve your needs better.
> >>
> >> All the usual Open Source benefits of "many
On Tue, 2015-01-13 at 09:30 +0200, Eliezer Croitoru wrote:
> Hey,
>
> Did you had the chance to see this page:
> http://findproxyforurl.com/example-pac-file/
>
> Eliezer
>
> On 13/01/2015 06:22, Simon Dcunha wrote:
> > Dear Sarfraz,
> > appreciate your immediate reply
> >
> > Heres attached is m
i have been running Squid with DansGuardian, ClamAV and Privoxy for
quite some time, and have been successful and moderately pleased with
functionality and performance.
while DG has been a means for me to perform A/V scanning at the
infrastructure layer via ClamAV, the penalty has been losing HTTP
On Tue, 2014-12-16 at 19:40 +0100, Natxo Asenjo wrote:
> hi,
>
> we have 2 centos 6 hosts providing a load-balanced squid service
> (behind keepalived and haproxy; haproxy sends requests to both squids)
> and authenticating users against an Active Directory environment. This
> is working really ni
On Thu, 2014-11-27 at 02:24 -0800, christianmolecki wrote:
> Hello everyone,
>
> we are using squid 3.4.6 with ntlm authentification.
> Depending on ActiveDirectory group memberships, the user is able to use
> different protocols.
> This works very well.
>
> Now we need for some websites an addit
On Wed, 2014-11-19 at 19:06 +0530, Nishant Sharma wrote:
>
> On 19 November 2014 6:41:44 pm IST, brendan kearney wrote:
>
> >it
> >if the Content-Type header is not set to
> >"application/x-ns-proxy-autoconfig".
> >
>
> Ah so that is why most of
e errors slip through.
> On Nov 18, 2014 9:45 PM, "Jason Haar" wrote:
>
>> On 19/11/14 01:39, Brendan Kearney wrote:
>> > i would suggest that if you use a pac/wpad solution, you look into
>> > pactester, which is a google summer of code project that ex
On Tue, 2014-11-18 at 08:35 -0300, Carlos Defoe wrote:
> Well, you just wrote a load balancer in PHP, with a load balancing
> algorithm in it. It serves the same purpose as HAproxy (I don't really
> use HAproxy, so I don't know, but I use the F5 big-ip which is
> perfectly capable of testing Intern
lived.
> Are you able to serve also https without any problem through HAProxy or
> only http request?
>
> regards,
> a.
>
>
>
> On Sun, Nov 16, 2014 at 8:00 PM, brendan kearney wrote:
>
>> I use kerberos auth and do not have issues. You have to pay attentio
> On Sun, Nov 16, 2014 at 5:51 PM, Brendan Kearney wrote:
>
>> i use HAProxy to load balance based on the least number of connections
>>
>
> Do you use kerberos/AD authentication?
> Any issues with HAPROXY in front of the squid nodes?
>
> Thx,
> a.
>
>
_
On Sun, 2014-11-16 at 17:22 +0100, Kinkie wrote:
> On Sun, Nov 16, 2014 at 4:54 PM, alberto wrote:
> > Hello everyone,
> > first of all thanks to the community of squid for such a great job.
>
> Hello Alberto,
>
> [...]
>
> > I have some questions that I would like to share with you:
> >
> > 1.
On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote:
> Hello,
>
> I have some more information.
>
> The problem seems to have nothing to do with samba, krb5 or anything
> else. I set up a new squid that isn't in the AD and doesn't use any
> kind of authentication at all.
>
>
> I have the exact same
66 matches
Mail list logo
